Ephemeral Media Hosting
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on the wrong machine or with incorrect paths, these commands could alter server filesystem ownership and permissions.
The setup guide includes local shell commands with sudo that create directories and change ownership/permissions. This is expected for configuring a media host, but it changes the local server.
sudo mkdir -p "$media_root"/{temp,uploads,processed,logs,scripts}
sudo chown -R "$nginx_user:$nginx_user" "$media_root"Run the setup only on the intended server, review the paths and nginx user first, and keep backups of existing web-server configuration.
The user may need administrator access, and mistakes could affect the web server or public site availability.
The guide instructs configuring an nginx site under /etc/nginx, which normally requires administrator privileges. This is coherent with web hosting, but it crosses an OS privilege boundary.
# /etc/nginx/sites-available/ephemeral-media
server {
listen 80;
server_name media.yourdomain.com;Review the nginx configuration manually, test it before enabling, and apply it with the least necessary administrator access.
Once installed, the cleanup job can continue running daily and delete hosted files older than the configured retention period.
The skill includes an example that installs a recurring cron job for cleanup. The behavior is disclosed and purpose-aligned, but it persists after setup.
(crontab -l 2>/dev/null; echo "$cron_entry") | sort -u | crontab -
Install the cron job only if automatic deletion is desired, verify the retention period and paths, and document how to disable it.